CN101635823A - Method and system of terminal for encrypting videoconference data - Google Patents
- Publication number
- CN101635823A, CN200910090587A
- Authority
- CN
- China
- Prior art keywords
- terminal
- video conference
- conference server
- authentication
- autn
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a method for a terminal to encrypt video conference data, which comprises the following steps: the terminal generates a network authentication token (AUTN) during authentication with a video conference server; after authentication succeeds, the video conference server carries a random password (RAND) in the media format negotiation request sent to the terminal; the terminal calculates an encryption key by combining the AUTN and the RAND; the terminal negotiates the encryption key and the encryption algorithm with the video conference server; and encrypted communication between the two parties starts once the negotiation is unified. The invention also discloses a system for a terminal to encrypt video conference data. The method and the system can encrypt video conference data and ensure its confidential transmission. Because the user name registered by each terminal in a video conference is different, the encryption key generated by each terminal is different, so the invention can effectively prevent a third party from eavesdropping on the communication between a terminal and the server.
Description
Technical Field
The invention relates to video conference technology in the communications field, and in particular to a method and a system by which a terminal encrypts video conference data based on the IP Multimedia Subsystem (IMS).
Background
With the development of communication networks, third generation digital communication (3G) systems gradually move closer to Long Term Evolution (LTE) systems, and therefore, mobile operators need to introduce an IMS domain architecture to control existing communication services, and an IMS-based video conference is one of the services.
Currently, 3G terminals are capable of accessing IMS video conferencing, and a number of operators are actively developing IMS-based video conferencing. IMS video conferencing is a centralized conference that requires the IMS core network to provide application server support. For example, the serving call session control function (S-CSCF) entity provided by the IMS core network handles Session Initiation Protocol (SIP) negotiation in the conference service; the media resource control function (MRFC) entity and the media resource processing function (MRFP) entity provided by the IMS core network handle the processing and switching of the various media streams and of the floor; and the conference policy server provided by the IMS core network manages the conference policy formulated by a loading user and an operator. The IMS video conference uses SIP on the control plane, and the third generation partnership project (3GPP) and the Internet Engineering Task Force (IETF) specify various authentication and security methods for the transmission of SIP signaling, which ensure the security and confidentiality of information transmitted on the control plane. In the prior art, however, the data of the IMS video conference is not encrypted; that is, the security of the information transmitted on the user plane is not guaranteed. Audio data, video data and the like in the video conference can be leaked to terminals that access the video conference system illegally, and because the IMS is an IP network, a malicious user who captures packets across the IP network can easily acquire the video conference data. Therefore, the security of existing video conference data is not guaranteed.
Disclosure of Invention
In view of this, the main objective of the present invention is to provide a method and a system for encrypting videoconference data by a terminal, which can implement encryption of videoconference data.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
the invention provides a method for encrypting video conference data by a terminal, which comprises the following steps:
the terminal generates a network authentication token AUTN in the authentication process with the video conference server, after the authentication is successful, the video conference server carries a random password RAND in a media format negotiation request sent to the terminal, the terminal calculates an encryption key by combining the AUTN and the RAND, then negotiates the encryption key and an encryption algorithm with the video conference server, and encrypted communication between the two parties is started after the negotiation is unified.
Wherein, in the authentication process of the terminal and the video conference server, the method further comprises:
and after the authentication fails, the terminal executes the authentication operation with the video conference server again.
Further, in the process of negotiating the encryption key and the encryption algorithm between the terminal and the video conference server, the method further includes:
and if the encryption key negotiation between the terminal and the video conference server is not uniform, the terminal re-executes the media format negotiation operation between the terminal and the video conference server.
In the above scheme, the process of authenticating the terminal and the video conference server specifically includes:
the terminal generates a user name required for participating in the video conference, then initiates a registration request to a video conference server according to the user name, and the video conference server informs the terminal of authentication;
the terminal carries out authentication operation to obtain AUTN, then stores the AUTN, and informs the AUTN to a video conference server;
and the video conference server authenticates the received AUTN, and returns the determined information to the terminal when determining that the authentication is successful.
Further, the video conference server carries RAND in the media format negotiation request sent to the terminal, the terminal calculates an encryption key by combining AUTN and RAND, and then negotiates an encryption key and an encryption algorithm with the video conference server, specifically:
the video conference server adds a key negotiation field and a supported encryption algorithm in a media format negotiation request for performing media format negotiation with the terminal;
the terminal calculates an encryption key by combining the RAND carried in the media format negotiation request and the AUTN obtained in the authentication process, and informs the video conference server of a value corresponding to the encryption key and a supported encryption algorithm obtained by calculation;
and the video conference server compares the calculated value corresponding to the encryption key with the value sent by the terminal and informs the terminal of the comparison result.
The invention also provides a system for encrypting the video conference data by the terminal, which comprises: a terminal and a video conference server; wherein,
the terminal is used for executing authentication operation with the video conference server and generating AUTN in the authentication process; determining to execute media format negotiation operation with the video conference server after passing the authentication, and calculating to obtain an encryption key by combining the AUTN and the RAND sent by the video conference server; carrying out negotiation of an encryption key and an encryption algorithm with the video conference server, and carrying out encryption communication with the video conference server after the negotiation is determined to be unified;
the video conference server is used for executing authentication operation with the terminal; determining that the terminal executes the media format negotiation operation with the terminal after passing the authentication, and sending a media format negotiation request carrying the RAND to the terminal; and negotiating with the terminal for an encryption key and an encryption algorithm, and carrying out encryption communication with the terminal after determining that the negotiation is unified.
The terminal is further used for re-executing the authentication operation with the video conference server after determining that the authentication is not passed; correspondingly,
the video conference server is further used for re-executing the authentication operation with the terminal after determining that the terminal has not passed the authentication.
The terminal is further used for re-executing the media format negotiation operation with the video conference server when the encryption key negotiation with the video conference server is determined to be not unified; correspondingly,
the video conference server is further used for re-executing the media format negotiation operation with the terminal when determining that the encryption key negotiation with the terminal is not unified.
In the above scheme, the terminal performs an authentication operation with the video conference server, and generates an AUTN in the authentication process, specifically:
the terminal generates a user name required for participating in the video conference, initiates a registration request to the video conference server, receives the authentication notification of the video conference server, performs the authentication operation to obtain the AUTN, stores the AUTN, and notifies the video conference server of the AUTN.
The terminal generates AUTN in the authentication process with the video conference server, after the authentication is successful, the video conference server carries RAND in a media format negotiation request sent to the terminal, the terminal calculates an encryption key by combining the AUTN and the RAND, then negotiates the encryption key and an encryption algorithm with the video conference server, and starts to carry out encrypted communication between the two parties after the negotiation is unified. The invention can realize the encryption of the data of the video conference, ensure the confidentiality transmission of the data of the video conference, and effectively prevent the interception by a third party in the process of the communication between the terminal and the server because the encryption keys generated by each terminal are different because the registered user names of each terminal in the video conference are different.
Drawings
Fig. 1 is a schematic view of a flow of implementing a method for encrypting videoconference data by a terminal according to the present invention;
Fig. 2 is a schematic flow chart of an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a system for encrypting videoconference data by the terminal according to the present invention.
Detailed Description
The basic idea of the invention is: the terminal generates a network authentication token (AUTN) in the authentication process with the video conference server; after the authentication is successful, the video conference server carries a random password (RAND) in a media format negotiation request sent to the terminal; the terminal calculates an encryption key by combining the AUTN and the RAND, then negotiates the encryption key and an encryption algorithm with the video conference server; and encrypted communication between the two parties starts after the negotiation is unified.
And if the authentication fails, the terminal re-executes the authentication operation with the video conference server.
Further, if the encryption key negotiation between the terminal and the video conference server is not uniform, the terminal re-executes the media format negotiation operation with the video conference server.
The invention is described in further detail below with reference to the figures and the embodiments.
Fig. 1 is a schematic view of an implementation process of a method for encrypting video conference data by a terminal according to the present invention, and as shown in fig. 1, the process includes the following steps:
step 101: the terminal generates AUTN in the authentication process with the video conference server;
step 102: after the authentication is successful, the video conference server carries the RAND in a media format negotiation request sent to the terminal;
step 103: the terminal calculates an encryption key by combining AUTN and RAND;
step 104: and the terminal and the video conference server negotiate an encryption key and an encryption algorithm, and after negotiation is unified, encryption communication between the two parties is started.
Fig. 2 is a schematic flow chart of an embodiment of the present invention, and as shown in fig. 2, the flow chart includes the following steps:
step 201: a terminal generates a user name required for participating in a video conference;
Specifically: the terminal sends a request message to the Subscriber Identity Module (SIM) in the terminal to request the International Mobile Subscriber Identity (IMSI). After receiving the IMSI returned by the SIM, the terminal organizes it into a Uniform Resource Identifier (URI) in the format IMSI@imsi.ctcims.cn. This URI is defined as the user name of the terminal and serves as the terminal identifier in the interaction between the terminal and the video conference server.
Step 202: the terminal initiates a registration request to the video conference server according to the generated user name, and the video conference server informs the terminal of authentication;
Specifically: the terminal initiates a registration request to the video conference server according to the generated user name. After receiving the registration request, the video conference server returns a reply message to the terminal; the message carries the code 401, informs the terminal that the corresponding user name needs to be authenticated, and passes the authentication information to the terminal. Here, the authentication information may include the name, the IP address and the like of the video conference server, which are used in the terminal's subsequent authentication operation.
Step 203: the terminal carries out authentication operation to obtain AUTN, then stores the AUTN, and informs the AUTN to a video conference server;
Specifically: the terminal sends a request message to the SIM in the terminal to request the Electronic Serial Number (ESN) of the SIM. After receiving the ESN returned by the SIM, the terminal uses the Digest mechanism to perform the authentication operation on the ESN and on the name, the IP address and the like of the video conference server, and calculates a 128-bit response value (response). The terminal defines this response value as the AUTN, stores the AUTN, and notifies the video conference server of the AUTN.
Here, the AUTN is different from the AUTN involved in the IMS video conference control plane, and the AUTN on the control plane is a 128-bit value generated by the network authentication center at the time of IMS network registration, and is unique and unchanged after each registration of the terminal unless the terminal exits the conference or deregisters. The invention combines the characteristics of AUTN on the control plane, and considers that the terminal can participate in the video conference only after the authentication is successful, so the response generated in the terminal authentication is defined as AUTN and is just 128 bits.
Step 204: the video conference server authenticates the received AUTN, and after authentication is successful, the determined information is returned to the terminal;
Specifically: the video conference server authenticates the AUTN sent by the terminal. If it is equal to the AUTN calculated by the video conference server itself, the authentication is successful, and the server sends a message carrying the code 200 OK to the terminal to inform it that the authentication succeeded. Here, the video conference server calculates the AUTN by applying the AK algorithm to the password information of the terminal's SIM, which the server stores itself; this password information is stored in the video conference server before the SIM is networked, and the process by which the video conference server calculates the AUTN is prior art.
Further, if the AUTN calculated by the video conference server itself is not equal to the AUTN calculated by the terminal, a message carrying the code 403 is sent to the terminal, which indicates that the terminal fails to pass the authentication and the authentication process fails, and the process returns to step 101 to re-execute the authentication operation.
Step 205: the video conference server requests to perform media format negotiation with the terminal, and a key negotiation field and a supported encryption algorithm are added in the request;
Specifically: the video conference server sends an Invite message to the terminal to invite it to join the video conference and requires the terminal to start media format negotiation with the video conference server. The Session Description Protocol (SDP) is used as the negotiation mechanism: a SEC type field is added to the SDP media line m to indicate that encryption key negotiation is required, and the supported encryption algorithms are listed, giving m=SEC 0 DES\IDEA\RC2\RC4\RC5 RAND.
Here, the SDP media line m is used to negotiate specific parameters such as the audio and video codec formats, and has the form m=<media> <port> <transport> <format list>. The present invention extends the media line m, defining it as m=SEC 0 DES\IDEA\RC2\RC4\RC5 RAND with an added SEC type field: SEC indicates that an encryption key needs to be negotiated; 0 indicates that the video conference server sends the negotiation message carrying m to the terminal, and 1 indicates that the terminal sends the negotiation message carrying m to the video conference server; DES\IDEA\RC2\RC4\RC5 are the different encryption algorithm types; and RAND indicates that the negotiation message passes a random password.
In this step, DES\IDEA\RC2\RC4\RC5 in m indicates that the video conference server supports the DES, IDEA, RC2, RC4 and RC5 encryption algorithms; the list is used for the subsequent negotiation of the encryption algorithm with the terminal.
Step 206: the terminal carries out media format negotiation after receiving the request, and calculates an encryption key by combining the RAND and the AUTN in m carried in the request;
Specifically: the terminal carries out media format negotiation and takes the RAND out of m. The terminal then sends an Authentication request message to the SIM in the terminal, carrying the RAND and the previously stored AUTN. The SIM uses the AKA algorithm with the RAND and the AUTN to calculate three values, RES, CK and IK, and returns an Authentication Response message carrying RES, CK and IK to the terminal. CK is the required encryption key.
Step 207: the terminal informs the video conference server of the calculated value corresponding to the encryption key and the supported encryption algorithm;
Specifically: the terminal informs the video conference server of the calculated RES corresponding to the encryption key CK and of the encryption algorithm it supports, such as DES. That is, it sends the video conference server a message carrying the code 200 OK and containing m=SEC 1 DES RES; this completes the negotiation of the encryption algorithm, and the DES encryption algorithm is used for subsequent encryption. Here, the encryption algorithm supported by the terminal is the same as one of the several encryption algorithms supported by the video conference server in step 105, that is, the terminal and the server negotiate the same encryption algorithm; the RES replaces the RAND in the m sent by the video conference server and is used for the subsequent negotiation of the key.
In the present invention, the calculated IK corresponding to CK may be notified to the video conference server instead, that is, m=SEC 1 DES IK. The CK is not notified to the video conference server directly because information between the terminal and the video conference server is transmitted in plaintext: if the message were stolen, the encryption key CK carried in it would be revealed, and the confidentiality of the key would not be guaranteed.
Step 208: the video conference server compares the calculated value corresponding to the encryption key with the value sent by the terminal and informs the terminal of the comparison result;
Specifically: the video conference server combines the RAND and the AUTN, applies the AKA algorithm to calculate its own RES or IK, and compares it with the RES or IK calculated by the terminal that it has received. Because the RES or IK has a one-to-one correspondence with the encryption key, if the two values are unified, this proves that the video conference server and the terminal have the same encryption key, and the video conference server sends an ACK message to the terminal to inform it that the encryption key negotiation is unified and that encrypted communication can start. If the RES or IK of the two are not unified, this proves that the encryption key of the video conference server differs from that of the terminal; the video conference server sends a NACK message to the terminal to inform it that the encryption key is not unified, and the flow must return to step 105 to restart the media format negotiation process.
Here, a possible reason why the RES or IK of the terminal and of the video conference server are not unified is that the message containing the RES or IK was maliciously tampered with while the terminal was sending it to the video conference server.
Step 209: after receiving the uniform comparison result, the terminal performs encrypted communication between the two parties with the video conference server;
Specifically: the terminal encrypts local video data, audio data and the like with the encryption key and the encryption algorithm determined by the negotiation, packages the encrypted data with the Real-time Transport Protocol (RTP), and sends the packaged data to the video conference server; for data sent by the video conference server, the terminal decrypts the received data and plays it.
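The exchange of steps 203 to 208 with both sides' messages, as an added example that is not code from the patent. It assumes truncated SHA-256 and HMAC-SHA-256 as stand-ins for the Digest computation and the SIM's AKA functions, hex encoding for the RAND and RES values in the m line, and constructed ESN, server name and IP values.

```python
import hashlib
import hmac
import os

SERVER_ALGS = ["DES", "IDEA", "RC2", "RC4", "RC5"]  # list from the patent's m line


def digest_autn(esn, server_name, server_ip):
    """Stand-in (assumption) for the Digest response of step 203: 128-bit AUTN."""
    material = ":".join((esn, server_name, server_ip)).encode()
    return hashlib.sha256(material).digest()[:16]


def aka_stand_in(autn, rand):
    """Stand-in (assumption) for the SIM's AKA step: returns (RES, CK, IK)."""
    def out(label, size):
        return hmac.new(autn, label + rand, hashlib.sha256).digest()[:size]
    return out(b"RES", 8), out(b"CK", 16), out(b"IK", 16)


def build_m_line(direction, algs, value):
    """m=SEC <0|1> <alg\\alg...> <hex value>; hex encoding is an assumption."""
    return "m=SEC %d %s %s" % (direction, "\\".join(algs), value.hex())


def parse_m_line(line):
    """Return (direction, algorithms, value) or raise ValueError."""
    if not line.startswith("m="):
        raise ValueError("not a media line")
    fields = line[2:].split()
    if len(fields) != 4 or fields[0] != "SEC" or fields[1] not in ("0", "1"):
        raise ValueError("not a SEC key-negotiation line")
    algs = [a for a in fields[2].split("\\") if a]
    if not algs:
        raise ValueError("empty algorithm list")
    return int(fields[1]), algs, bytes.fromhex(fields[3])


class Server:
    def __init__(self, autn):
        self.autn = autn              # value the server computed itself (step 204)
        self.rand = os.urandom(16)    # fresh RAND for this negotiation
        self.ck = self.alg = None

    def offer(self):                  # step 205
        return build_m_line(0, SERVER_ALGS, self.rand)

    def check_answer(self, line):     # step 208
        try:
            direction, algs, res = parse_m_line(line)
        except ValueError:
            return "NACK"
        # The answer must name exactly one algorithm the server offered.
        if direction != 1 or len(algs) != 1 or algs[0] not in SERVER_ALGS:
            return "NACK"
        expected_res, ck, _ik = aka_stand_in(self.autn, self.rand)
        if not hmac.compare_digest(expected_res, res):  # constant-time compare
            return "NACK"
        self.ck, self.alg = ck, algs[0]
        return "ACK"


class Terminal:
    def __init__(self, autn, supported):
        self.autn = autn              # stored after authentication (step 203)
        self.supported = supported
        self.ck = self.alg = None

    def answer(self, offer_line):     # steps 206 and 207
        direction, algs, rand = parse_m_line(offer_line)
        if direction != 0:
            raise ValueError("expected a server offer")
        common = [a for a in algs if a in self.supported]
        if not common:
            raise ValueError("no common encryption algorithm")
        res, self.ck, _ik = aka_stand_in(self.autn, rand)
        self.alg = common[0]
        return build_m_line(1, [self.alg], res)  # CK itself is never sent


def run_exchange(tamper=False):
    """Run one negotiation; returns (verdict, terminal CK, server CK)."""
    # Constructed sample values, not taken from the patent.
    autn = digest_autn("ESN-CONSTRUCTED-0001", "conf.example", "192.0.2.10")
    server, terminal = Server(autn), Terminal(autn, ["DES", "RC5"])
    answer = terminal.answer(server.offer())
    if tamper:  # change the last hex digit of RES in transit
        answer = answer[:-1] + ("0" if answer[-1] != "0" else "1")
    return server.check_answer(answer), terminal.ck, server.ck


if __name__ == "__main__":
    print(run_exchange()[0])             # matching RES
    print(run_exchange(tamper=True)[0])  # RES altered on the wire
```
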
Fig. 3 is a schematic structural diagram of a system for encrypting videoconference data by a terminal according to the present invention, and as shown in fig. 3, the system includes: a terminal and a video conference server; wherein,
the terminal is used for executing authentication operation with the video conference server and generating AUTN in the authentication process; determining to execute media format negotiation operation with the video conference server after passing the authentication, and calculating to obtain an encryption key by combining the AUTN and the RAND sent by the video conference server; carrying out negotiation of an encryption key and an encryption algorithm with the video conference server, and carrying out encryption communication with the video conference server after the negotiation is determined to be unified;
the video conference server is used for executing authentication operation with the terminal; determining that the terminal executes the media format negotiation operation with the terminal after passing the authentication, and sending a media format negotiation request carrying the RAND to the terminal; and negotiating with the terminal for an encryption key and an encryption algorithm, and carrying out encryption communication with the terminal after determining that the negotiation is unified.
Here, the terminal performs an authentication operation with the videoconference server, and generates an AUTN in the authentication process, specifically:
the terminal generates a user name required for participating in the video conference, initiates a registration request to the video conference server, receives the authentication notification of the video conference server, performs the authentication operation to obtain the AUTN, stores the AUTN, and notifies the video conference server of the AUTN.
The terminal is further used for re-executing the authentication operation with the video conference server after determining that the authentication is not passed; correspondingly,
the video conference server is further used for re-executing the authentication operation with the terminal after determining that the terminal has not passed the authentication.
The terminal is further used for re-executing the media format negotiation operation with the video conference server when the encryption key negotiation with the video conference server is determined to be not unified; correspondingly,
the video conference server is further used for re-executing the media format negotiation operation with the terminal when determining that the encryption key negotiation with the terminal is not unified.
The above description is only exemplary of the present invention and should not be taken as limiting the scope of the present invention, and any modifications, equivalents, improvements, etc. that are within the spirit and principle of the present invention should be included in the present invention.
Claims (9)
1. A method for a terminal to encrypt videoconference data, the method comprising:
the terminal generates a network authentication token AUTN in the authentication process with the video conference server, after the authentication is successful, the video conference server carries a random password RAND in a media format negotiation request sent to the terminal, the terminal calculates an encryption key by combining the AUTN and the RAND, then negotiates the encryption key and an encryption algorithm with the video conference server, and encrypted communication between the two parties is started after the negotiation is unified.
2. The method for encrypting videoconference data by a terminal according to claim 1, wherein the authenticating the terminal with the videoconference server further comprises:
and after the authentication fails, the terminal executes the authentication operation with the video conference server again.
3. The method for encrypting videoconference data by a terminal according to claim 1 or 2, wherein during the negotiation of the encryption key and the encryption algorithm between the terminal and the videoconference server, the method further comprises:
and if the encryption key negotiation between the terminal and the video conference server is not uniform, the terminal re-executes the media format negotiation operation between the terminal and the video conference server.
4. The method for encrypting videoconference data by the terminal according to claim 1 or 2, wherein the authentication process between the terminal and the videoconference server specifically comprises:
the terminal generates a user name required for participating in the video conference, then initiates a registration request to a video conference server according to the user name, and the video conference server informs the terminal of authentication;
the terminal carries out the authentication operation to obtain the AUTN, stores the AUTN, and notifies the video conference server of the AUTN;
and the video conference server authenticates the received AUTN and, when it determines that the authentication is successful, returns a confirmation message to the terminal.
5. The method for encrypting the videoconference data by the terminal according to claim 1 or 2, wherein the videoconference server carries RAND in the media format negotiation request sent to the terminal, the terminal calculates the encryption key by combining AUTN and RAND, and then negotiates the encryption key and the encryption algorithm with the videoconference server, specifically:
the video conference server adds a key negotiation field and a supported encryption algorithm in a media format negotiation request for performing media format negotiation with the terminal;
the terminal calculates an encryption key by combining the RAND carried in the media format negotiation request with the AUTN obtained in the authentication process, and notifies the video conference server of the value corresponding to the calculated encryption key and of the encryption algorithms it supports;
and the video conference server compares the value corresponding to the encryption key that it has calculated itself with the value sent by the terminal, and informs the terminal of the comparison result.
6. A system for a terminal to encrypt videoconference data, the system comprising: a terminal and a video conference server; wherein,
the terminal is used for executing authentication operation with the video conference server and generating AUTN in the authentication process; determining to execute media format negotiation operation with the video conference server after passing the authentication, and calculating to obtain an encryption key by combining the AUTN and the RAND sent by the video conference server; carrying out negotiation of an encryption key and an encryption algorithm with the video conference server, and carrying out encryption communication with the video conference server after the negotiation is determined to be unified;
the video conference server is used for executing the authentication operation with the terminal; determining to execute the media format negotiation operation with the terminal after the terminal passes the authentication, and sending a media format negotiation request carrying the RAND to the terminal; and negotiating an encryption key and an encryption algorithm with the terminal, and carrying out encrypted communication with the terminal after determining that the negotiation is unified.
7. The system for encrypting videoconference data according to claim 6, wherein the terminal is further configured to re-perform the authentication with the videoconference server if it is determined that the authentication is not successful; correspondingly,
the video conference server is further used for re-executing the authentication operation with the terminal after the terminal is determined not to pass the authentication.
8. The system for encrypting videoconference data according to claim 6 or 7, wherein the terminal is further configured to re-perform the media format negotiation operation with the videoconference server if it is determined that the encryption key negotiation with the videoconference server is not unified; correspondingly,
the video conference server is further configured to re-execute the media format negotiation operation with the terminal when determining that the encryption key negotiation with the terminal is not unified.
9. The system for encrypting videoconference data by a terminal according to claim 6 or 7, wherein the terminal performs an authentication operation with a videoconference server and generates an AUTN during the authentication, specifically:
generating a user name required for participating in the video conference, then initiating a registration request to the video conference server, receiving an authentication notification from the video conference server, performing the authentication operation to obtain an AUTN, storing the AUTN, and notifying the video conference server of the AUTN.
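The key negotiation of claims 1, 3 and 5, with both sides in one process, as an added example that is not part of the patent text. The claims do not say how AUTN and RAND are combined or what the "value corresponding to the encryption key" is; the HMAC-SHA256 derivation, the key check value, the algorithm names and the retry limit are all assumptions.

```python
import hashlib
import hmac
import secrets

def derive_key(autn: bytes, rand: bytes) -> bytes:
    # Assumed KDF: HMAC-SHA256 keyed with AUTN over RAND. RAND travels in the
    # negotiation request, so the key is only as secret as AUTN.
    return hmac.new(autn, rand, hashlib.sha256).digest()

def key_check_value(key: bytes) -> bytes:
    # Assumed "value corresponding to the encryption key": a one-way tag, so
    # the key itself never appears in a negotiation message.
    return hmac.new(key, b"key-confirmation", hashlib.sha256).digest()[:16]

class Server:
    def __init__(self, algorithms):
        self.algorithms = algorithms
        self.autn_by_user = {}   # AUTN kept after successful authentication
        self.rand_by_user = {}

    def register(self, user, autn):
        self.autn_by_user[user] = autn

    def negotiation_request(self, user):
        # Fresh RAND per request, so a retry (claim 3) never reuses a key.
        self.rand_by_user[user] = secrets.token_bytes(16)
        return {"rand": self.rand_by_user[user], "algorithms": self.algorithms}

    def check_response(self, user, response):
        key = derive_key(self.autn_by_user[user], self.rand_by_user[user])
        common = [a for a in self.algorithms if a in response["algorithms"]]
        # Constant-time comparison of the two key check values (claim 5).
        same = hmac.compare_digest(key_check_value(key), response["kcv"])
        unified = same and bool(common)
        return {"unified": unified, "algorithm": common[0] if unified else None}

class Terminal:
    def __init__(self, autn, algorithms):
        self.autn, self.algorithms = autn, algorithms

    def negotiation_response(self, request):
        self.key = derive_key(self.autn, request["rand"])
        return {"kcv": key_check_value(self.key), "algorithms": self.algorithms}

def negotiate(server, terminal, user, max_attempts=3):
    # Re-run media format negotiation while the negotiation is not unified.
    for attempt in range(1, max_attempts + 1):
        request = server.negotiation_request(user)
        result = server.check_response(user, terminal.negotiation_response(request))
        if result["unified"]:
            return attempt, result["algorithm"]
    return None, None
```

`negotiate` returns the attempt number and the agreed algorithm, or `(None, None)` when the key check values never match or no algorithm is shared.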
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200910090587 CN101635823B (en) | 2009-08-27 | 2009-08-27 | Method and system of terminal for encrypting videoconference data |
PCT/CN2010/072870 WO2011022999A1 (en) | 2009-08-27 | 2010-05-18 | Method and system for encrypting video conference data by terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200910090587 CN101635823B (en) | 2009-08-27 | 2009-08-27 | Method and system of terminal for encrypting videoconference data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101635823A (en) | 2010-01-27 |
CN101635823B (en) | 2011-09-21 |
Family
ID=41594859
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 200910090587 Active CN101635823B (en) | 2009-08-27 | 2009-08-27 | Method and system of terminal for encrypting videoconference data |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101635823B (en) |
WO (1) | WO2011022999A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112016082B (en) * | 2020-10-26 | 2021-01-22 | 成都掌控者网络科技有限公司 | Authority list safety control method |
CN112672098B (en) * | 2020-12-30 | 2022-09-20 | 北京真视通数字科技有限公司 | A cloud video conference encryption method, device and system |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1626598A1 (en) * | 2004-06-21 | 2006-02-15 | Axalto SA | Method for securing an authentication and key agreement protocol |
CN101176296A (en) * | 2005-03-11 | 2008-05-07 | 艾利森电话股份有限公司 | Network assisted terminal to SIMM/UICC key establishment |
CN1859087A (en) * | 2005-12-30 | 2006-11-08 | 华为技术有限公司 | Key consulting method and its system for customer end and server |
CN101197673B (en) * | 2006-12-05 | 2011-08-10 | 中兴通讯股份有限公司 | Fixed network access into IMS bidirectional authentication and key distribution method |
CN101635823B (en) * | 2009-08-27 | 2011-09-21 | 中兴通讯股份有限公司 | Method and system of terminal for encrypting videoconference data |
- 2009: 2009-08-27 CN CN 200910090587 patent/CN101635823B/en active Active
- 2010: 2010-05-18 WO PCT/CN2010/072870 patent/WO2011022999A1/en active Application Filing
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011022999A1 (en) * | 2009-08-27 | 2011-03-03 | 中兴通讯股份有限公司 | Method and system for encrypting video conference data by terminal |
CN102594794B (en) * | 2011-12-24 | 2015-04-29 | 华为技术有限公司 | Access method and device of media encryption conference |
CN102594794A (en) * | 2011-12-24 | 2012-07-18 | 华为技术有限公司 | Access method and device of media encryption conference |
CN102647420A (en) * | 2012-03-31 | 2012-08-22 | 苏州阔地网络科技有限公司 | Control method and system for preventing illegal connection |
CN104753870B (en) * | 2013-12-30 | 2018-09-28 | 中国移动通信集团公司 | a kind of data transmission method and system |
CN104753870A (en) * | 2013-12-30 | 2015-07-01 | 中国移动通信集团公司 | Data transmission method and system |
CN103914541B (en) * | 2014-04-03 | 2017-08-01 | 小米科技有限责任公司 | The method and device of information search |
CN103914541A (en) * | 2014-04-03 | 2014-07-09 | 小米科技有限责任公司 | Information search method and device |
WO2015192454A1 (en) * | 2014-06-17 | 2015-12-23 | 中兴通讯股份有限公司 | Call encryption processing method and device |
CN105246070A (en) * | 2014-06-17 | 2016-01-13 | 中兴通讯股份有限公司 | Encryption processing method and encryption processing device for communication |
CN105205645A (en) * | 2014-06-30 | 2015-12-30 | 江苏韦度一号信息科技有限公司 | Digital office system |
CN104579628A (en) * | 2015-01-07 | 2015-04-29 | 中国人民解放军国防科学技术大学 | Audio conference safety secrecy system and method |
CN104579628B (en) * | 2015-01-07 | 2017-10-17 | 中国人民解放军国防科学技术大学 | Audio conferencing security system and time slot scrambling |
CN107026830A (en) * | 2016-02-02 | 2017-08-08 | 上海格尔软件股份有限公司 | The safety method that a kind of application program is upgraded automatically |
CN105959264A (en) * | 2016-04-25 | 2016-09-21 | 四川联友电讯技术有限公司 | Method for improving information security of fragmentized asynchronous conference system |
CN107426521A (en) * | 2016-05-24 | 2017-12-01 | 中兴通讯股份有限公司 | A kind of video call method and terminal |
CN107124266A (en) * | 2017-03-07 | 2017-09-01 | 苏州科达科技股份有限公司 | Video communication system and method based on quantum cryptography |
CN107948676A (en) * | 2017-12-08 | 2018-04-20 | 苏州科达科技股份有限公司 | Method of transmitting video data and device |
CN108055262A (en) * | 2017-12-11 | 2018-05-18 | 苏州科达科技股份有限公司 | Video conference terminal register method, terminal and gatekeeper |
CN108055262B (en) * | 2017-12-11 | 2020-08-18 | 苏州科达科技股份有限公司 | Video conference terminal registration method, terminal and gatekeeper |
CN108833943A (en) * | 2018-04-24 | 2018-11-16 | 苏州科达科技股份有限公司 | The encrypted negotiation method, apparatus and conference terminal of code stream |
CN110858969A (en) * | 2018-08-23 | 2020-03-03 | 刘高峰 | Client registration method, device and system |
CN110602432A (en) * | 2019-08-23 | 2019-12-20 | 苏州米龙信息科技有限公司 | Conference system based on biological recognition and conference data transmission method |
CN113347215A (en) * | 2021-08-09 | 2021-09-03 | 北京电信易通信息技术股份有限公司 | Encryption method for mobile video conference |
CN113347215B (en) * | 2021-08-09 | 2021-10-01 | 北京电信易通信息技术股份有限公司 | Encryption method for mobile video conference |
Also Published As
Publication number | Publication date |
---|---|
WO2011022999A1 (en) | 2011-03-03 |
CN101635823B (en) | 2011-09-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101635823B (en) | Method and system of terminal for encrypting videoconference data | |
US9167422B2 (en) | Method for ensuring media stream security in IP multimedia sub-system | |
JP4284324B2 (en) | Method and mobile radio system for forming and distributing encryption key in mobile radio system | |
US7382881B2 (en) | Lawful interception of end-to-end encrypted data traffic | |
KR101461455B1 (en) | Authentication method, system and device | |
JP5106682B2 (en) | Method and apparatus for machine-to-machine communication | |
JP5496907B2 (en) | Key management for secure communication | |
CN100571134C (en) | Method for Authenticating User Terminal in IP Multimedia Subsystem | |
WO2015180654A1 (en) | Method and apparatus for achieving secret communications | |
CN101379802B (en) | Method and device for the encoded transmission of media data between the media server and the subscriber terminal | |
US8875236B2 (en) | Security in communication networks | |
CN101420413A (en) | Session cipher negotiating method, network system, authentication server and network appliance | |
JP4838881B2 (en) | Method, apparatus and computer program product for encoding and decoding media data | |
WO2008040213A1 (en) | Message encryption and signature method, system and device in communication system | |
CN101222320A (en) | Method, system and device for media stream safety context negotiation | |
EP3248355B1 (en) | Enhanced establishment of ims session with secure media | |
US8539564B2 (en) | IP multimedia security | |
CN102065069A (en) | Method and system for authenticating identity and device | |
CN101222612A (en) | Method and system for safely transmitting media stream | |
Chen et al. | An efficient end-to-end security mechanism for IP multimedia subsystem | |
WO2008083620A1 (en) | A method, a system and an apparatus for media flow security context negotiation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |